diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-05-15 14:31:35 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-08-01 19:20:12 +0200 |
| commit | 969d93f14fffadb5cae67a7662484c1e064bbff1 (patch) | |
| tree | 946ae010b4ee006bca59b99fd29b0b1c699c1fb8 /doc | |
| parent | 5e8f64f46cb1dd71b0a94cb7dad87da00b8c5e32 (diff) | |
| download | conntrack-tools-969d93f14fffadb5cae67a7662484c1e064bbff1.tar.gz conntrack-tools-969d93f14fffadb5cae67a7662484c1e064bbff1.zip | |
conntrackd: RPC helper added to cthelper
How to use this helper in a few steps:
1) You can enable this helper via:
nfct helper add rpc inet tcp
nfct helper add rpc inet udp
2) Configure /etc/conntrackd/conntrackd.conf and launch it.
3) You can test this helper locally with the following rule-set:
iptables -A OUTPUT -t raw -p udp -m udp --dport 111 -j CT --helper rpc
iptables -A OUTPUT -t raw -p tcp -m tcp --dport 111 -j CT --helper rpc
iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 111 -j ACCEPT
iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 111 -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P OUTPUT DROP
4) Configure NFS and export some local directory. Then, mount it with version 3.
mount.nfs -onfsvers=3 127.0.0.1:/srv/cvs /mnt/
You should see permanent expectations created for this.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/helper/conntrackd.conf | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/helper/conntrackd.conf b/doc/helper/conntrackd.conf index 711b309..2bf99fa 100644 --- a/doc/helper/conntrackd.conf +++ b/doc/helper/conntrackd.conf @@ -28,6 +28,20 @@ Helper { ExpectTimeout 300 } } + Type rpc inet tcp { + QueueNum 1 + Policy rpc { + ExpectMax 1 + ExpectTimeout 300 + } + } + Type rpc inet udp { + QueueNum 2 + Policy rpc { + ExpectMax 1 + ExpectTimeout 300 + } + } } # |